13 matches found

Tenable Nessus
added 2026/04/29 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-6993

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security flaw has been discovered in go-kratos kratos up to 2.9.2. This impacts the function NewServer of the file transport/http/server.go of the component...

CVSS 6.9 | AI score 5.5 | EPSS 0.00051
Exploits 0 | References 2

OSV
added 2024/08/30 5:18 p.m., 7 views

GO-2024-3088 memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

memos CORS Misconfiguration in server.go GHSL-2024-034 in github.com/usememos/memos...

CVSS 8.1 | AI score 8 | EPSS 0.00192
Exploits 1 | References 5

Cvelist
added 2024/08/20 7:54 p.m., 19 views

CVE-2024-41659 GHSL-2024-034: memos CORS Misconfiguration in server.go

memos is a privacy-first, lightweight note-taking service. A CORS misconfiguration exists in memos 0.20.1 and earlier where an arbitrary origin is reflected with Access-Control-Allow-Credentials set to true. This may allow an attacking website to make a cross-origin request, allowing the attacker...

CVSS 8.1 | EPSS 0.00192
Exploits 1 | References 3

Veracode
added 2023/10/31 6:24 a.m., 18 views

Authentication Bypass

github.com/nats-io/nats-server is vulnerable to Authentication Bypass. The vulnerability is due to configureAccounts function in server.go which allows the creation of a no-authenticated user for the global account. This potentially leads an attacker to unauthorized access to the global account...

CVSS 6.5 | AI score 7 | EPSS 0.00259
Exploits 0 | References 5 | Affected Software 1

Veracode
added 2023/01/26 3:55 p.m., 13 views

Privilege Escalation

github.com/nektos/act is vulnerable to Privilege Escalation. The vulnerability exists in multiple functions of server.go because the path inputs are not sanitized which allows an attacker to download and overwrite arbitrary files on the host...

CVSS 8.8 | AI score 8.4 | EPSS 0.01488
Exploits 1 | References 7 | Affected Software 1

Veracode
added 2023/01/25 9:12 a.m., 12 views

Path Traversal

github.com/uber/kraken is vulnerable to Path Traversal. The vulnerability exists because the downloadHandler parameter in the server.go does not properly sanitize the relative file paths and user inputs, allowing an attacker to write arbitrary files outside the expected directory...

CVSS 7.5 | AI score 7.3 | EPSS 0.00357
Exploits 1 | References 2 | Affected Software 1

Veracode
added 2023/01/03 4:49 p.m., 17 views

Path Traversal

github.com/jfrazelle/pastebinit is vulnerable to path traversal. The vulnerability exists due to the improper path handling in the pasteHandler function of server.go, allowing an attacker to access files outside the restricted directory...

CVSS 5.3 | AI score 4.6 | EPSS 0.00404
Exploits 0 | References 6 | Affected Software 1

GitHub Security Blog
added 2022/12/30 12:30 p.m., 20 views

pastebinit Path Traversal vulnerability

A vulnerability was found in pastebinit up to 0.2.2 and classified as problematic. Affected by this issue is the function pasteHandler of the file server.go. The manipulation of the argument r.URL.Path leads to path traversal. Upgrading to version 0.2.3 can address this issue. The name of the pat...

CVSS 5.3 | AI score 3.2 | EPSS 0.00404
Exploits 0 | References 7 | Affected Software 1

Cvelist
added 2022/12/30 10:57 a.m., 12 views

CVE-2018-25059 pastebinit server.go pasteHandler path traversal

A vulnerability was found in pastebinit up to 0.2.2 and classified as problematic. Affected by this issue is the function pasteHandler of the file server.go. The manipulation of the argument r.URL.Path leads to path traversal. Upgrading to version 0.2.3 is able to address this issue. The name of...

CVSS 3.5 | AI score 5.3 | EPSS 0.00404
Exploits 0 | References 5

Positive Technologies
added 2022/12/30 12:0 a.m., 1 view

PT-2022-8069 · Unknown · Pastebinit

Name of the Vulnerable Software and Affected Versions: pastebinit versions up to 0.2.2 Description: A vulnerability was found in pastebinit, classified as problematic. The issue affects the function pasteHandler of the file server.go. The manipulation of the argument r.URL.Path leads to path...

CVSS 5.3 | AI score 7.3 | EPSS 0.00404
Exploits 0 | References 14

Veracode
added 2022/12/27 7:54 a.m., 15 views

Cross-Site Scripting (XSS)

github.com/usememos/memos is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists in server.go because when a svg file containing malicious data is uploaded it will not filter the content of the uploaded files and will be triggered when the user accesses...

CVSS 7.1 | AI score 5.1 | EPSS 0.0023
Exploits 1 | References 5 | Affected Software 1

Veracode
added 2022/12/22 2:33 a.m., 27 views

Information Disclosure

github.com/Azure/aad-pod-identity is vulnerable to information disclosure. The vulnerability exists because server.go does not properly handle invalid token requests, allowing an attacker to bypass the NMI validation and send the token to IMDS in the cluster through the token request made with...

CVSS 5.3 | AI score 5.2 | EPSS 0.00784
Exploits 0 | References 4 | Affected Software 1

Veracode
added 2022/09/07 8:33 a.m., 40 views

Denial Of Service (DoS)

github.com/golang/net is vulnerable to Denial of Service (DoS). The vulnerability exists in goAway function in server.go because the server errors are not properly handled which allows an attacker to cause an application crash...

CVSS 7.5 | AI score 7.6 | EPSS 0.00098
Exploits 0 | References 11 | Affected Software 21